[go: up one dir, main page]

US20080192929A1 - Secure communication unit - Google Patents

Secure communication unit Download PDF

Info

Publication number
US20080192929A1
US20080192929A1 US12/069,575 US6957508A US2008192929A1 US 20080192929 A1 US20080192929 A1 US 20080192929A1 US 6957508 A US6957508 A US 6957508A US 2008192929 A1 US2008192929 A1 US 2008192929A1
Authority
US
United States
Prior art keywords
module
security unit
coordination
cryptography
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/069,575
Inventor
Harry Knechtel
Marco Hofmann
Gunnar Hettstedt
Marc Lindlbauer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SECURITY NETWORKS AG
Secunet Security Networks AG
Original Assignee
SECURITY NETWORKS AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SECURITY NETWORKS AG filed Critical SECURITY NETWORKS AG
Assigned to SECUNET SECURITY NETWORKS AKTIENGESELLSCHAFT reassignment SECUNET SECURITY NETWORKS AKTIENGESELLSCHAFT ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KNECHTEL, HARRY, HETTSTEDT, GUNNAR, HOFMANN, MARCO, LINDLBAUER, MARC
Publication of US20080192929A1 publication Critical patent/US20080192929A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • the present invention relates to a secure communication unit. More particularly this invention concerns such a unit for use in a vehicle, e.g an aircraft or a watercraft, or even in a production line or in a remotely controlled system.
  • Such a system customarily has a plurality of electrical or electronic components, where the components or their control units can be connected to one another via a communications network, thereby forming an interconnected communications system.
  • a communications network within the context of the invention refers especially to a bus system, e.g. a bus system in an automobile, an aircraft, or a ship, or a bus system or network for machines in production lines or for remotely controlled systems.
  • equipment of this type e.g. motor vehicles
  • controllers have at their disposal a plurality of controllers that can be configured as programmable control devices and that are to an ever-increasing extent being interconnected with their environment. For this reason, efforts are being made to ensure the integrity and authenticity of data from such control devices.
  • Another object is the provision of such an improved secure communication unit that overcomes the above-given disadvantages, in particular that will function reliably and rapidly to ensure a high level of security.
  • the invention proposes a security unit (secure communication unit), e.g. for a vehicle, aircraft, ship, or the like, that has at least one cryptography module (crypto unit) with which cryptographic codes are generated, stored, managed and/or processed, and at least one coordination module for the coordination of individual modules within the security unit.
  • the cryptography module integrated into the security unit generates cryptographic codes, e.g. symmetrical or asymmetrical codes.
  • data received from another module via an interface can be encrypted and/or signed.
  • data received from another module via an interface can be decoded and/or signatures verified or analyzed.
  • the security unit also has at least one coordination module for the coordination and communication of the individual modules within the security unit.
  • the coordination module manages the hardware resources, assigns these resources to applications, and ensures communication between the modules of the security unit and/or controls the modules.
  • the coordination module ensures that the individual modules within the security unit can be operated without mutually influencing one another, and that in the event of a compromise, the compromised module is isolated, separating it from the remaining connected modules. Authentication is then performed via the cryptography module.
  • the coordination module ensures the fail-safe status of the security unit of the invention.
  • the security unit is equipped with at least one programming module, via which the security unit, or one or more modules of the security unit, can be programmed, e.g. via an external system.
  • the cryptography module is particularly preferably configured as a hardware module. It is also advantageous for the coordination module and/or the programming module to be configured as hardware modules.
  • the security unit of the invention can be intended, e.g. for an interconnected communications system, e.g. for a vehicle, aircraft, ship, etc., or can be integrated into such a communications system.
  • Such an interconnected communications system can be composed of a plurality of controllers for individual electrical and/or electronic components that are connected to one another via a communications network, e.g. a bus. It is also possible for the security unit of the invention to be connected to the remaining controllers via the communications network.
  • the security unit can be equipped with an internal communications module to allow the security unit to communicate with one or more controllers (electronic controller) of the interconnected communications system. This internal communications module can (optionally) be downloaded via the programming module.
  • the invention is based upon the recognition that the security within an interconnected communications system that has a plurality of electrical or electronic devices with corresponding controllers is significantly increased if a security unit is integrated into this communications system that especially has a cryptography module in hardware form, e.g. ASIC or FPGA.
  • the cryptography unit generates and stores cryptographic code material in a secure manner.
  • the cryptography module also securely and rapidly executes cryptographic operations and stores data.
  • the coordination module ensures the fail-safe and efficient management of the described functions, and isolation of the modules that are connected to the communications module should a module become compromised, with the isolation of the compromised module being effected by blocking access to the communications module.
  • the programming module ensures the secure downloading of modules, allowing a security unit to be adapted to the requirements of different application environments and, e.g. vehicle manufacturers.
  • the security unit of the invention can also be operated alone or independently of such a communications system, in other words in “stand-alone mode.”
  • Such communication can be conducted via the processor communications module to be described in what follows, which can also be integrated into the security unit.
  • the security unit therefore consists at least of the cryptography unit implemented in hardware form, the coordination module implemented in hardware form, the programming module implemented in hardware form, and the internal communications module that is optionally programmable following authentication via the cryptography unit.
  • the security unit has at least one external communications module for communication between the security unit and one or more external devices.
  • An external device is a device that is not integrated into the interconnected communications system.
  • the security unit is therefore equipped with the (additional) communications module for communicating with systems outside the interconnected communications system, with the module being programmed via the cryptography module following authentication.
  • the security unit can have at least one processor communications module for communication between the security unit and at least one external processor.
  • the security unit can be connected to another processor via this internal processor communications module that can be programmed via the cryptography unit following authentication.
  • the security unit also makes it possible to load additional modules into the security unit via the cryptography module following authentication, and to log these into the coordination module.
  • the internal communications module can be configured as a hardware module or as a software module. It is also possible for the external communications module to be configured as a hardware module or a software module. Finally, the processor communications module can be configured as a hardware module or a software module.
  • the internal communications module, the external communications module, the programming module and/or the processor communications module are connected to the cryptography unit via the coordination module, or access the cryptography unit via the coordination module.
  • a secure cryptographic anchor of confidence can therefore be created in a vehicle, under the sole control, for example of the automobile manufacturer, which lends full effectiveness to cryptographic processes and their applications and is capable of executing cryptographic operations at sufficient speed in order to ensure security based upon cryptographic functions. With this, security can be ensured especially during time-critical situations in the vehicle. It can also include rapid conveyor belt processes for the cost-effective production of vehicles, rapid servicing processes for minimizing maintenance costs, vehicle-to-vehicle communication, and online access within vehicles.
  • the invention is further based upon the knowledge that, e.g. in the field of vehicles, aircraft and ships, special requirements in terms of the application environment must be fulfilled.
  • FIG. 1 is a simplified block diagram of an interconnected communications system with a security unit according to the invention.
  • FIG. 2 a schematic view of a detail of the system of FIG. 1 .
  • an interconnected communications system KV for a device has a plurality of electrical and/or electronic components.
  • This device can, for example, be a motor vehicle.
  • Each of the individual electrical or electronic components has a controller ECU.
  • These individual controllers ECU are connected to one another via a bus communications network that in the illustrated embodiment is configured as a bus system.
  • a bus communications network that in the illustrated embodiment is configured as a bus system.
  • Such a vehicle bus may be a CAN bus, for example.
  • a security unit SCU is integrated into this interconnected communications system KV that—like the remaining controllers—is connected to the bus system. This is shown schematically in FIG. 1 . However, the security unit SCU can also be operated alone or without the represented communications system, i.e. in “stand-alone mode.”
  • this security unit SCU of the invention The structure and functioning of this security unit SCU of the invention are illustrated in detail in FIG. 2 .
  • This security unit SCU which is connected to the vehicle bus, is equipped with a cryptography module KU, a coordination module KM, a programming module PM, and an internal communications module IKOM.
  • the cryptography module KU, the coordination module KM and the programming module PM are each configured as hardware.
  • the internal communications module IKOM is optionally provided, and can, e.g. be downloaded via a programming module PM.
  • An external communications module EKOM and a processor communications module IPCM are also integrated into the security unit SCU in the illustrated embodiment.
  • the functional center of this security unit SCU is the cryptography unit or the cryptography module KU, configured as a hardware module, with which cryptographic codes are generated, stored, managed and/or processed.
  • the cryptography unit KU provides a secure environment for the generation and management of cryptographic code material. Secure storage areas are also provided. These secure storage areas are protected against unauthorized reading and writing of any data, but especially cryptographic codes. These storage areas can also be configured in terms of access to and management of the data stored there. For instance, it is possible to control whether such data can be re-exported, or are to be used only within the security unit.
  • the cryptography unit KU is capable of generating random strings of numbers in configurable lengths and/or symmetrical codes in configurable lengths and/or asymmetrical codes in configurable lengths, in response to internal commands from the security unit.
  • the cryptography unit KU is therefore equipped with a generic interface.
  • configurable algorithms are implemented, i.e. the cryptography module KU can be configured with respect to the algorithms via data input, the generic interface remaining the same on the outside. In this manner, random data can be encrypted or electronically signed symmetrically or asymmetrically, or a fingerprint of the data can be calculated.
  • the cryptography unit is further equipped with an interface via which it can be connected to a PKI (public key infrastructure).
  • the cryptography module KU is capable of exporting certification queries and importing certificates. Furthermore, the cryptography unit KU is capable of protecting storage areas outside the security unit SCU against reading and writing access from outside the security unit.
  • the cryptography module KU verifies electronic signatures (symmetrical and asymmetrical), including an optional certificate chain.
  • the cryptography unit KU can provide a secured time. Because the cryptography unit KU is configured as a hardware module, it cannot be programmed from the outside without authorization. It is also optionally resistant to hardware attacks.
  • the coordination module KM is also part of the security-relevant core, along with the cryptography module KU, and ensures that the individual modules are operated reliably within the security unit without mutually influencing one another. In the event of a compromise, the coordination module KM isolates the compromised module from the remaining connected modules. In this manner, the coordination module, in its function as the central SCU communications interface, is able to suppress communication to and from the compromised module.
  • the coordination module KM manages the hardware resources of the security unit SCU and assigns them to the respective modules or applications. To the extent necessary, the coordination module KM safeguards communication between the individual modules of the security unit.
  • the (optional) internal communications module IKOM is also important within the scope of the invention.
  • internal refers to communication within the interconnected communications system KV, i.e. communication between the security unit SCU and individual controllers ECU of a communications system. These control units ECU can be constituent elements, e.g. of corresponding vehicle components, or can assigned to such vehicle components.
  • the internal communications module IKOM preferably implements bidirectional communication between the security unit SCU and other control devices ECU of the interconnected communications system KV. If a controller ECU is itself equipped with a corresponding security unit, and therefore a plurality of security units are integrated into a communications system, then an authentic data exchange that is protected against manipulation is possible between these security units via a protocol. Data exchange may also optionally be confidential.
  • FIG. 2 demonstrates that for the application of cryptographic methods, the internal communications module IKOM accesses the cryptography unit KU via the coordination module KM. It is optionally possible to configure the internal communications module IKOM to “eavesdrop” on certain data being transferred within the communications system, where it can then be provided that these data are stored in the secure area of the cryptography module KU.
  • the external communications module EKOM that is also provided enables data communication between the security unit of the communications system and an external system, e.g. a system connected outside the vehicle or not connected to the bus.
  • an external system ES can be, for example, a testing device or a temporarily connected server.
  • the connection set-up is authentic, i.e. a connection is established only when the external communications module EKOM has authenticated the external system ES with the help of the cryptography module KU.
  • the security unit SCU may also authenticate itself to the external system ES through the external communications module EKOM. Further, the option exists to transfer the transmitted, authenticated data, encrypted as needed.
  • the authentication of the data can also be coupled to the authentication of the connection set-up.
  • the external communications module EKOM it is possible for the external communications module EKOM to be equipped with one or more filters that determine whether or not to forward data.
  • An external communications module EKOM stores the authentication data from a connection.
  • a further essential component of the security unit of the invention is the programming module PM shown in FIG. 2 .
  • this module configurable access to storage areas of the security unit is possible, so that modules and data can be downloaded.
  • Programming access is authenticated and achieved via an external system ES. This is indicated in FIG. 2 by the connection between the external system ES and the programming module PM, with the programming module PM in turn being connected to the coordination module KM and via this coordination module KM to the remaining modules of the security unit.
  • the programming module also verifies the authenticity and integrity of downloaded modules and data.
  • FIG. 2 demonstrates that the security unit can be equipped with an (optional) processor communications module IPC that enables bidirectional IPC communication between the security unit SCU and another processor.
  • IPC processor communications module
  • a security unit SCU can make the cryptographic services of the cryptography unit KU available to another processor ⁇ C via a protocol.
  • the processor depicted in the illustrated embodiment in FIG. 2 is a microprocessor ⁇ C.
  • the security unit communicates not (directly) with an interconnected communications system, but, e.g. via the processor communications module IPCM, with a processor that can then optionally transmit information/data.
  • the internal communications module IKOM can optionally be dispensed with.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Small-Scale Networks (AREA)
  • Storage Device Security (AREA)

Abstract

A vehicle having electrical or electronic components connected to a communication network also has a security unit connected to the network. This security unit in turn has at least one cryptography module connected to the communication network and with which cryptographic codes are generated, stored, managed or processed and at least one coordination module for the coordination of individual modules within the security unit.

Description

    FIELD OF THE INVENTION
  • The present invention relates to a secure communication unit. More particularly this invention concerns such a unit for use in a vehicle, e.g an aircraft or a watercraft, or even in a production line or in a remotely controlled system.
    • BACKGROUND OF THE INVENTION
  • Such a system (e.g. a vehicle) customarily has a plurality of electrical or electronic components, where the components or their control units can be connected to one another via a communications network, thereby forming an interconnected communications system. A communications network within the context of the invention refers especially to a bus system, e.g. a bus system in an automobile, an aircraft, or a ship, or a bus system or network for machines in production lines or for remotely controlled systems. Today, equipment of this type (e.g. motor vehicles) have at their disposal a plurality of controllers that can be configured as programmable control devices and that are to an ever-increasing extent being interconnected with their environment. For this reason, efforts are being made to ensure the integrity and authenticity of data from such control devices. In such efforts, the approach of using cryptographic methods to secure the integrity and authenticity of data is generally known. In vehicles, the process of applying cryptographically secured protocols to safely transport data to vehicles in the manufacturing plant and in the field is already known. Such known methods are software-based and run on processors that have no memory areas or have memory areas that are insufficiently cryptographically secured. Moreover, processors of this type do not possess the necessary processing capacity for complex cryptographic protocols and computing operations.
    • OBJECTS OF THE INVENTION
  • It is therefore an object of the present invention to provide an improved secure communication unit.
  • Another object is the provision of such an improved secure communication unit that overcomes the above-given disadvantages, in particular that will function reliably and rapidly to ensure a high level of security.
    • SUMMARY OF THE INVENTION
  • To attain this object, the invention proposes a security unit (secure communication unit), e.g. for a vehicle, aircraft, ship, or the like, that has at least one cryptography module (crypto unit) with which cryptographic codes are generated, stored, managed and/or processed, and at least one coordination module for the coordination of individual modules within the security unit. The cryptography module integrated into the security unit generates cryptographic codes, e.g. symmetrical or asymmetrical codes. In this manner, data received from another module via an interface can be encrypted and/or signed. In addition, with the cryptography module, data received from another module via an interface can be decoded and/or signatures verified or analyzed. The security unit also has at least one coordination module for the coordination and communication of the individual modules within the security unit. The coordination module manages the hardware resources, assigns these resources to applications, and ensures communication between the modules of the security unit and/or controls the modules. In this form, the coordination module ensures that the individual modules within the security unit can be operated without mutually influencing one another, and that in the event of a compromise, the compromised module is isolated, separating it from the remaining connected modules. Authentication is then performed via the cryptography module. The coordination module ensures the fail-safe status of the security unit of the invention. According to the preferred embodiment, the security unit is equipped with at least one programming module, via which the security unit, or one or more modules of the security unit, can be programmed, e.g. via an external system. The cryptography module is particularly preferably configured as a hardware module. It is also advantageous for the coordination module and/or the programming module to be configured as hardware modules.
  • The security unit of the invention can be intended, e.g. for an interconnected communications system, e.g. for a vehicle, aircraft, ship, etc., or can be integrated into such a communications system. Such an interconnected communications system can be composed of a plurality of controllers for individual electrical and/or electronic components that are connected to one another via a communications network, e.g. a bus. It is also possible for the security unit of the invention to be connected to the remaining controllers via the communications network. Furthermore, the security unit can be equipped with an internal communications module to allow the security unit to communicate with one or more controllers (electronic controller) of the interconnected communications system. This internal communications module can (optionally) be downloaded via the programming module.
  • The invention is based upon the recognition that the security within an interconnected communications system that has a plurality of electrical or electronic devices with corresponding controllers is significantly increased if a security unit is integrated into this communications system that especially has a cryptography module in hardware form, e.g. ASIC or FPGA. The cryptography unit generates and stores cryptographic code material in a secure manner. The cryptography module also securely and rapidly executes cryptographic operations and stores data. The coordination module ensures the fail-safe and efficient management of the described functions, and isolation of the modules that are connected to the communications module should a module become compromised, with the isolation of the compromised module being effected by blocking access to the communications module. The programming module ensures the secure downloading of modules, allowing a security unit to be adapted to the requirements of different application environments and, e.g. vehicle manufacturers.
  • The described possibility of integrating a security unit into an interconnected communications system represents one possible embodiment of the invention. However, the security unit of the invention can also be operated alone or independently of such a communications system, in other words in “stand-alone mode.” Within the context of the invention this means that the security unit communicates not with an interconnected communications system (directly) via, e.g. an internal communications module, but, e.g. with a processor that is not itself part of the security unit. Such communication can be conducted via the processor communications module to be described in what follows, which can also be integrated into the security unit.
  • In the preferred embodiment, the security unit therefore consists at least of the cryptography unit implemented in hardware form, the coordination module implemented in hardware form, the programming module implemented in hardware form, and the internal communications module that is optionally programmable following authentication via the cryptography unit.
  • According to a further proposal of the invention, the security unit has at least one external communications module for communication between the security unit and one or more external devices. An external device is a device that is not integrated into the interconnected communications system. The security unit is therefore equipped with the (additional) communications module for communicating with systems outside the interconnected communications system, with the module being programmed via the cryptography module following authentication.
  • In a further optional embodiment, the security unit can have at least one processor communications module for communication between the security unit and at least one external processor. Thus the security unit can be connected to another processor via this internal processor communications module that can be programmed via the cryptography unit following authentication. The security unit also makes it possible to load additional modules into the security unit via the cryptography module following authentication, and to log these into the coordination module.
  • The internal communications module can be configured as a hardware module or as a software module. It is also possible for the external communications module to be configured as a hardware module or a software module. Finally, the processor communications module can be configured as a hardware module or a software module.
  • The internal communications module, the external communications module, the programming module and/or the processor communications module are connected to the cryptography unit via the coordination module, or access the cryptography unit via the coordination module.
  • Within the scope of the invention a secure cryptographic anchor of confidence can therefore be created in a vehicle, under the sole control, for example of the automobile manufacturer, which lends full effectiveness to cryptographic processes and their applications and is capable of executing cryptographic operations at sufficient speed in order to ensure security based upon cryptographic functions. With this, security can be ensured especially during time-critical situations in the vehicle. It can also include rapid conveyor belt processes for the cost-effective production of vehicles, rapid servicing processes for minimizing maintenance costs, vehicle-to-vehicle communication, and online access within vehicles. The invention is further based upon the knowledge that, e.g. in the field of vehicles, aircraft and ships, special requirements in terms of the application environment must be fulfilled.
    • BRIEF DESCRIPTION OF THE DRAWING
  • The above and other objects, features, and advantages will become more readily apparent from the following description, reference being made to the accompanying drawing in which:
  • FIG. 1 is a simplified block diagram of an interconnected communications system with a security unit according to the invention; and
  • FIG. 2 a schematic view of a detail of the system of FIG. 1.
    •  SPECIFIC DESCRIPTION
  • As seen in the drawing, an interconnected communications system KV for a device is shown that has a plurality of electrical and/or electronic components. This device can, for example, be a motor vehicle. Each of the individual electrical or electronic components has a controller ECU. These individual controllers ECU are connected to one another via a bus communications network that in the illustrated embodiment is configured as a bus system. Such a vehicle bus may be a CAN bus, for example. In the illustrated embodiment shown, a security unit SCU is integrated into this interconnected communications system KV that—like the remaining controllers—is connected to the bus system. This is shown schematically in FIG. 1. However, the security unit SCU can also be operated alone or without the represented communications system, i.e. in “stand-alone mode.”
  • The structure and functioning of this security unit SCU of the invention are illustrated in detail in FIG. 2.
  • This security unit SCU, which is connected to the vehicle bus, is equipped with a cryptography module KU, a coordination module KM, a programming module PM, and an internal communications module IKOM. The cryptography module KU, the coordination module KM and the programming module PM are each configured as hardware. The internal communications module IKOM is optionally provided, and can, e.g. be downloaded via a programming module PM.
  • An external communications module EKOM and a processor communications module IPCM are also integrated into the security unit SCU in the illustrated embodiment.
  • The functional center of this security unit SCU is the cryptography unit or the cryptography module KU, configured as a hardware module, with which cryptographic codes are generated, stored, managed and/or processed. The cryptography unit KU provides a secure environment for the generation and management of cryptographic code material. Secure storage areas are also provided. These secure storage areas are protected against unauthorized reading and writing of any data, but especially cryptographic codes. These storage areas can also be configured in terms of access to and management of the data stored there. For instance, it is possible to control whether such data can be re-exported, or are to be used only within the security unit.
  • With this, the cryptography unit KU is capable of generating random strings of numbers in configurable lengths and/or symmetrical codes in configurable lengths and/or asymmetrical codes in configurable lengths, in response to internal commands from the security unit. The cryptography unit KU is therefore equipped with a generic interface. In addition, configurable algorithms are implemented, i.e. the cryptography module KU can be configured with respect to the algorithms via data input, the generic interface remaining the same on the outside. In this manner, random data can be encrypted or electronically signed symmetrically or asymmetrically, or a fingerprint of the data can be calculated. The cryptography unit is further equipped with an interface via which it can be connected to a PKI (public key infrastructure). Thus an asymmetrical code pair can be reliably generated and stored as described, and a certification query for this PKI can be exported. In this connection, the cryptography module KU is capable of exporting certification queries and importing certificates. Furthermore, the cryptography unit KU is capable of protecting storage areas outside the security unit SCU against reading and writing access from outside the security unit. The cryptography module KU verifies electronic signatures (symmetrical and asymmetrical), including an optional certificate chain. In addition, the cryptography unit KU can provide a secured time. Because the cryptography unit KU is configured as a hardware module, it cannot be programmed from the outside without authorization. It is also optionally resistant to hardware attacks.
  • The coordination module KM, also shown in FIG. 2, is also part of the security-relevant core, along with the cryptography module KU, and ensures that the individual modules are operated reliably within the security unit without mutually influencing one another. In the event of a compromise, the coordination module KM isolates the compromised module from the remaining connected modules. In this manner, the coordination module, in its function as the central SCU communications interface, is able to suppress communication to and from the compromised module. The coordination module KM manages the hardware resources of the security unit SCU and assigns them to the respective modules or applications. To the extent necessary, the coordination module KM safeguards communication between the individual modules of the security unit.
  • Also important within the scope of the invention is the (optional) internal communications module IKOM. In this context, internal refers to communication within the interconnected communications system KV, i.e. communication between the security unit SCU and individual controllers ECU of a communications system. These control units ECU can be constituent elements, e.g. of corresponding vehicle components, or can assigned to such vehicle components. The internal communications module IKOM preferably implements bidirectional communication between the security unit SCU and other control devices ECU of the interconnected communications system KV. If a controller ECU is itself equipped with a corresponding security unit, and therefore a plurality of security units are integrated into a communications system, then an authentic data exchange that is protected against manipulation is possible between these security units via a protocol. Data exchange may also optionally be confidential. In this connection, FIG. 2 demonstrates that for the application of cryptographic methods, the internal communications module IKOM accesses the cryptography unit KU via the coordination module KM. It is optionally possible to configure the internal communications module IKOM to “eavesdrop” on certain data being transferred within the communications system, where it can then be provided that these data are stored in the secure area of the cryptography module KU.
  • While the operated internal communications module IKOM implements communication within the interconnected communications system, the external communications module EKOM that is also provided enables data communication between the security unit of the communications system and an external system, e.g. a system connected outside the vehicle or not connected to the bus. Such an external system ES can be, for example, a testing device or a temporarily connected server. In this case the connection set-up is authentic, i.e. a connection is established only when the external communications module EKOM has authenticated the external system ES with the help of the cryptography module KU. Optionally, the security unit SCU may also authenticate itself to the external system ES through the external communications module EKOM. Further, the option exists to transfer the transmitted, authenticated data, encrypted as needed. In this, the authentication of the data can also be coupled to the authentication of the connection set-up. Moreover, it is possible for the external communications module EKOM to be equipped with one or more filters that determine whether or not to forward data. An external communications module EKOM stores the authentication data from a connection.
  • A further essential component of the security unit of the invention is the programming module PM shown in FIG. 2. With this module, configurable access to storage areas of the security unit is possible, so that modules and data can be downloaded. Programming access is authenticated and achieved via an external system ES. This is indicated in FIG. 2 by the connection between the external system ES and the programming module PM, with the programming module PM in turn being connected to the coordination module KM and via this coordination module KM to the remaining modules of the security unit. The programming module also verifies the authenticity and integrity of downloaded modules and data.
  • Finally, FIG. 2 demonstrates that the security unit can be equipped with an (optional) processor communications module IPC that enables bidirectional IPC communication between the security unit SCU and another processor. In this manner, a security unit SCU can make the cryptographic services of the cryptography unit KU available to another processor μC via a protocol. The processor depicted in the illustrated embodiment in FIG. 2 is a microprocessor μC.
  • In a modified embodiment (not shown), the security unit communicates not (directly) with an interconnected communications system, but, e.g. via the processor communications module IPCM, with a processor that can then optionally transmit information/data. In such cases, which are referred to in the invention as the “stand-alone mode,” the internal communications module IKOM can optionally be dispensed with.

Claims (13)

1. A security unit comprising:
at least one cryptography module connected to the communication network and with which cryptographic codes are generated, stored, managed or processed; and
at least one coordination module for the coordination of individual modules within the security unit.
2. The security unit defined in claim 1 wherein the cryptography module generates cryptographic codes in the form of symmetrical or asymmetrical codes or data received from another module via an interface can be encrypted or signed or data received from another module via an interface can be decoded and/or signatures verified or analyzed.
3. The security unit defined in claim 1 wherein, in case of comprise of one or more modules, the coordination module isolates the compromised module with respect to one or more of the other modules.
4. The security unit defined in claim 1, further comprising
at least one programming module by means of which the security unit or a module of the security unit can be programmed.
5. The security unit defined in claim 1, further comprising
at least one external communications module for communication between the security unit and one or more external devices not integrated into the interconnected communications system.
6. The security unit defined in claim 1, further comprising
at least one processor communications module for communication between the security unit and at least one external processor.
7. The security unit defined in claim 1, further comprising
a communication network of a vehicle;
a communication network; and
a plurality of controllers connected via the communication network with the security unit.
8. The security unit defined in claim 7 wherein the security unit has an internal communications module for communication with the controllers via the communication network.
9. The security unit defined in claim 7 wherein communication network is a bus system.
10. The security unit defined in claim 1 wherein the cryptography module is hardware.
11. The security unit defined in claim 4 wherein the coordination module or the programming module is hardware.
12. The security unit defined in claim 1, further comprising:
an internal communication module;
an the external communication module;
a programming module; and
a processor communication module, at least one of which communicate with the cryptography module via the coordination module.
13. In combination with a vehicle having
electrical or electronic components;
a communication network; and
a security unit connected to the network and comprising
at least one cryptography module connected to the communication network and with which cryptographic codes are generated, stored, managed or processed; and
at least one coordination module for the coordination of individual modules within the security unit.
US12/069,575 2007-02-13 2008-02-11 Secure communication unit Abandoned US20080192929A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP07003042.4 2007-02-13
EP07003042A EP1959606B1 (en) 2007-02-13 2007-02-13 Safety unit

Publications (1)

Publication Number Publication Date
US20080192929A1 true US20080192929A1 (en) 2008-08-14

Family

ID=38226433

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/069,575 Abandoned US20080192929A1 (en) 2007-02-13 2008-02-11 Secure communication unit

Country Status (6)

Country Link
US (1) US20080192929A1 (en)
EP (1) EP1959606B1 (en)
JP (1) JP2008271506A (en)
KR (1) KR20080075801A (en)
CN (1) CN101350725A (en)
ES (1) ES2391786T3 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101908962A (en) * 2009-12-24 2010-12-08 中国航空工业集团公司第六三一研究所 Key management method for integrated avionic system
US20110138188A1 (en) * 2009-12-04 2011-06-09 Electronics And Telecommunications Research Institute Method and system for verifying software platform of vehicle
US20150254461A1 (en) * 2014-03-07 2015-09-10 Airbus Operations (Sas) Testing integrated independent levels of security components hosted on a virtualization platform
US20150324576A1 (en) * 2014-05-12 2015-11-12 Robert Bosch Gmbh Method for implementing a communication between control units
WO2016067549A1 (en) * 2014-10-28 2016-05-06 株式会社デンソー Communication device
US20170244566A1 (en) * 2016-02-18 2017-08-24 Volkswagen Ag Component for connecting to a data bus, and methods for implementing a cryptographic functionality in such a component
US9881165B2 (en) 2012-03-29 2018-01-30 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
EP3195674A4 (en) * 2014-09-14 2018-02-28 Thompson Aerospace Inc. Method and system for security and authentication of aircraft data transmissions
US9990503B2 (en) * 2015-08-04 2018-06-05 Ge Aviation Systems, Llc Cryptographic key server embedded in data transfer system
US10303886B2 (en) 2016-02-18 2019-05-28 Volkswagen Ag Component for processing a protectable datum and method for implementing a security function for protecting a protective datum in such a component
WO2019166398A1 (en) * 2018-02-27 2019-09-06 Robert Bosch Gmbh Computer program, particularly for a control unit of a motor vehicle
US10664413B2 (en) 2017-01-27 2020-05-26 Lear Corporation Hardware security for an electronic control unit
CN112514322A (en) * 2018-08-03 2021-03-16 大陆-特韦斯贸易合伙股份公司及两合公司 Method for managing keys inside a vehicle
US11184340B2 (en) * 2017-12-15 2021-11-23 Volkswagen Aktiengesellschaft Apparatus, method, and computer program for enabling a transportation vehicle component and vehicle-to-vehicle communication module
US11510051B2 (en) 2017-12-15 2022-11-22 Volkswagen Aktiengesellschaft Devices, methods, and computer program for releasing transportation vehicle components, and vehicle-to-vehicle communication module

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008050406A1 (en) * 2008-10-04 2010-04-08 Bayerische Motoren Werke Aktiengesellschaft Method for transmission of data e.g. vehicle identification number, between computer of motor vehicle and central computer of computer network, involves performing data transmission only in case of required connection establishment
EP2211523B1 (en) * 2009-01-23 2016-05-04 Siemens Aktiengesellschaft Communication network and conversion module
DE102012024818A1 (en) * 2012-03-06 2013-09-12 Conti Temic Microelectronic Gmbh Procedures to improve functional safety and increase the availability of an electronic control system, as well as an electronic control system
DE102012209445A1 (en) * 2012-06-05 2013-12-05 Robert Bosch Gmbh Method for secure transmission of safety critical function data between diagnosis tester and control device in control system in vehicle, involves synchronizing keys, and initiating access to client during coincidence of keys
DE102012019993A1 (en) 2012-10-12 2014-04-17 Audi Ag Method for configuring a control unit, control unit and vehicle
DE102012224194B4 (en) 2012-12-21 2018-08-02 Continental Automotive Gmbh Control system for a motor vehicle
CN105594155B (en) * 2014-05-08 2019-08-02 松下电器(美国)知识产权公司 Vehicle network system, electronic control unit and update processing method
ITMO20140156A1 (en) * 2014-05-29 2015-11-29 Cnh Ind Italia Spa SAFETY SYSTEM FOR A VEHICLE.
CN104468122A (en) * 2014-12-05 2015-03-25 中国航空工业集团公司第六三一研究所 Universal flight data encryption method
CN105656884A (en) * 2015-12-28 2016-06-08 延锋伟世通电子科技(上海)有限公司 Automobile bus security control device based on security elements and control method thereof
KR102444239B1 (en) * 2016-01-21 2022-09-16 삼성전자주식회사 Security Chip, Application Processor, Device including security Chip and Operating Method thereof
CN106101111B (en) * 2016-06-24 2019-10-25 郑州信大捷安信息技术股份有限公司 Vehicle electronics safe communication system and communication means
DE102017216047A1 (en) 2017-09-12 2019-03-14 Audi Ag Method for setting a reference time
KR102573490B1 (en) 2018-09-10 2023-09-01 한화오션 주식회사 Security system for preventing hacking of communication network in ship
KR102659096B1 (en) 2019-06-11 2024-04-18 한화오션 주식회사 Integrated security network system having reinforced cyber security in smartship

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6021201A (en) * 1997-01-07 2000-02-01 Intel Corporation Method and apparatus for integrated ciphering and hashing
US6526460B1 (en) * 1998-08-28 2003-02-25 Daimlerchrysler Ag Vehicle communications system
US20040187035A1 (en) * 2001-06-12 2004-09-23 Olaf Schwan Control unit
US20040210362A1 (en) * 2003-04-21 2004-10-21 Larson Timothy A. Computerized wheel alignment system with improved stability and serviceability
US7050947B2 (en) * 2002-01-04 2006-05-23 Siemens Vdo Automotive Corporation Remote control communication including secure synchronization
US7203842B2 (en) * 1999-12-22 2007-04-10 Algotronix, Ltd. Method and apparatus for secure configuration of a field programmable gate array
US20090046859A1 (en) * 2007-08-17 2009-02-19 Infineon Technologies Ag Methods for the generation of identical symmetrical cryptographic keys

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19955545A1 (en) 1999-11-18 2001-05-23 Volkswagen Ag System for controlling a motor vehicle uses control devices fitted with a cryptocontroller storing a program for encrypting and/or a secret code in memory and keeping it safe from manipulation
DE10141737C1 (en) * 2001-08-25 2003-04-03 Daimler Chrysler Ag Secure communication method for use in vehicle has new or updated programs provided with digital signature allowing checking by external trust centre for detection of false programs

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6021201A (en) * 1997-01-07 2000-02-01 Intel Corporation Method and apparatus for integrated ciphering and hashing
US6526460B1 (en) * 1998-08-28 2003-02-25 Daimlerchrysler Ag Vehicle communications system
US7203842B2 (en) * 1999-12-22 2007-04-10 Algotronix, Ltd. Method and apparatus for secure configuration of a field programmable gate array
US20040187035A1 (en) * 2001-06-12 2004-09-23 Olaf Schwan Control unit
US7698737B2 (en) * 2001-06-12 2010-04-13 Giesecke & Devrient Gmbh Tamper-resistant control unit
US7050947B2 (en) * 2002-01-04 2006-05-23 Siemens Vdo Automotive Corporation Remote control communication including secure synchronization
US20040210362A1 (en) * 2003-04-21 2004-10-21 Larson Timothy A. Computerized wheel alignment system with improved stability and serviceability
US20090046859A1 (en) * 2007-08-17 2009-02-19 Infineon Technologies Ag Methods for the generation of identical symmetrical cryptographic keys

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110138188A1 (en) * 2009-12-04 2011-06-09 Electronics And Telecommunications Research Institute Method and system for verifying software platform of vehicle
US8327153B2 (en) 2009-12-04 2012-12-04 Electronics And Telecommunications Research Institute Method and system for verifying software platform of vehicle
CN101908962A (en) * 2009-12-24 2010-12-08 中国航空工业集团公司第六三一研究所 Key management method for integrated avionic system
US9881165B2 (en) 2012-03-29 2018-01-30 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
US10534922B2 (en) 2012-03-29 2020-01-14 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
US11120149B2 (en) 2012-03-29 2021-09-14 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
US12306967B2 (en) 2012-03-29 2025-05-20 Sheelds Cyber Ltd. Security system and method for protecting a vehicle electronic system
US10002258B2 (en) 2012-03-29 2018-06-19 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
US11651088B2 (en) 2012-03-29 2023-05-16 Sheelds Cyber Ltd. Protecting a vehicle bus using timing-based rules
US9965636B2 (en) 2012-03-29 2018-05-08 Arilou Information Security Technologies Ltd. Security system and method for protecting a vehicle electronic system
US11709950B2 (en) 2012-03-29 2023-07-25 Sheelds Cyber Ltd. Security system and method for protecting a vehicle electronic system
US20150254461A1 (en) * 2014-03-07 2015-09-10 Airbus Operations (Sas) Testing integrated independent levels of security components hosted on a virtualization platform
US9747453B2 (en) * 2014-03-07 2017-08-29 Airbus Operations Sas Testing integrated independent levels of security components hosted on a virtualization platform
US20150324576A1 (en) * 2014-05-12 2015-11-12 Robert Bosch Gmbh Method for implementing a communication between control units
US10305679B2 (en) * 2014-05-12 2019-05-28 Robert Bosch Gmbh Method for implementing a communication between control units
EP3195674A4 (en) * 2014-09-14 2018-02-28 Thompson Aerospace Inc. Method and system for security and authentication of aircraft data transmissions
US11006277B2 (en) 2014-09-14 2021-05-11 Thompson Aerospace, Inc. Method and system for security and authentication of aircraft data transmissions
WO2016067549A1 (en) * 2014-10-28 2016-05-06 株式会社デンソー Communication device
US9990503B2 (en) * 2015-08-04 2018-06-05 Ge Aviation Systems, Llc Cryptographic key server embedded in data transfer system
CN107094108A (en) * 2016-02-18 2017-08-25 大众汽车有限公司 The method for being connected to the part of data/address bus and encryption function being realized in the part
US10303886B2 (en) 2016-02-18 2019-05-28 Volkswagen Ag Component for processing a protectable datum and method for implementing a security function for protecting a protective datum in such a component
US10057071B2 (en) * 2016-02-18 2018-08-21 Volkswagen Ag Component for connecting to a data bus, and methods for implementing a cryptographic functionality in such a component
US20170244566A1 (en) * 2016-02-18 2017-08-24 Volkswagen Ag Component for connecting to a data bus, and methods for implementing a cryptographic functionality in such a component
US10664413B2 (en) 2017-01-27 2020-05-26 Lear Corporation Hardware security for an electronic control unit
US11314661B2 (en) 2017-01-27 2022-04-26 Lear Corporation Hardware security for an electronic control unit
US11184340B2 (en) * 2017-12-15 2021-11-23 Volkswagen Aktiengesellschaft Apparatus, method, and computer program for enabling a transportation vehicle component and vehicle-to-vehicle communication module
US11510051B2 (en) 2017-12-15 2022-11-22 Volkswagen Aktiengesellschaft Devices, methods, and computer program for releasing transportation vehicle components, and vehicle-to-vehicle communication module
US12120506B2 (en) 2017-12-15 2024-10-15 Volkswagen Aktiengesellschaft Devices, methods, and computer program for releasing transportation vehicle components, and vehicle-to-vehicle communication module
WO2019166398A1 (en) * 2018-02-27 2019-09-06 Robert Bosch Gmbh Computer program, particularly for a control unit of a motor vehicle
CN112514322A (en) * 2018-08-03 2021-03-16 大陆-特韦斯贸易合伙股份公司及两合公司 Method for managing keys inside a vehicle
US11811922B2 (en) 2018-08-03 2023-11-07 Continental Teves Ag & Co. Ohg Key generation device, a vehicle-internal communication system, and a method for the vehicle-internal management of cryptographic keys

Also Published As

Publication number Publication date
CN101350725A (en) 2009-01-21
KR20080075801A (en) 2008-08-19
JP2008271506A (en) 2008-11-06
EP1959606B1 (en) 2012-08-15
EP1959606A1 (en) 2008-08-20
ES2391786T3 (en) 2012-11-29

Similar Documents

Publication Publication Date Title
US20080192929A1 (en) Secure communication unit
US11618394B2 (en) Vehicle secure messages based on a vehicle private key
US11314661B2 (en) Hardware security for an electronic control unit
EP3348036B1 (en) Unauthorized access event notificaiton for vehicle electronic control units
WO2009147734A1 (en) Vehicle, maintenance device, maintenance service system, and maintenance service method
US20180270052A1 (en) Cryptographic key distribution
Kornaros et al. Towards holistic secure networking in connected vehicles through securing CAN-bus communication and firmware-over-the-air updating
US8035494B2 (en) Motor vehicle control device data transfer system and process
CN113497704A (en) Vehicle-mounted key generation method, vehicle and computer-readable storage medium
EP3320475B1 (en) A method and a system for reliable computation of a program
US12120506B2 (en) Devices, methods, and computer program for releasing transportation vehicle components, and vehicle-to-vehicle communication module
Sharma et al. Review of the security of backward-compatible automotive inter-ECU communication
Nasser Automotive Cybersecurity Engineering Handbook
JP7273947B2 (en) Methods for managing encryption keys in the vehicle
EP3694172B1 (en) System and method for controlling access to a cyber-physical system
CN116800531A (en) Automobile electronic and electric architecture and safety communication method
Chou et al. Enhancing OTA Update Security in Zonal Architecture for Automobiles
JP7003832B2 (en) Electronic control system for vehicles and electronic control device for vehicles
GB2544175A (en) Cryptographic key distribution
KR20250097732A (en) Method for deploying a computer-implemented functionality in a computing system
KR20250030513A (en) How to authenticate data
CN120359723A (en) Authentication method, device and system
JP2024055384A (en) Vehicle control device
Murvay Cryptographic security for vehicular controller area networks

Legal Events

Date Code Title Description
AS Assignment

Owner name: SECUNET SECURITY NETWORKS AKTIENGESELLSCHAFT, GERM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KNECHTEL, HARRY;HOFMANN, MARCO;HETTSTEDT, GUNNAR;AND OTHERS;REEL/FRAME:020856/0831;SIGNING DATES FROM 20080401 TO 20080402

Owner name: SECUNET SECURITY NETWORKS AKTIENGESELLSCHAFT, GERM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KNECHTEL, HARRY;HOFMANN, MARCO;HETTSTEDT, GUNNAR;AND OTHERS;SIGNING DATES FROM 20080401 TO 20080402;REEL/FRAME:020856/0831

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION